
Re: Tracker inconsistency regarding gallery2?



Hi All,

On Friday 9 November 2007 23:52, Francesco Poli wrote:
> Hi all again!
>
> DSA 1404-1 [1] claims that gallery2 version 2.1.2-2.0.etch.1 fixes
> CVE-2007-4650 for etch.
> The DSA page [2] seems to confirm this.
> However the CVE page [3] tells a different story: it states that version
> 2.1.2-2.0.etch.1 is vulnerable.
> Is this a security-tracker internal inconsistency?

I'm a bit confused by this. The tracker information now says:

CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 
allow ...)
        {DSA-1404-1}
        - gallery2 2.2.3-1
        [etch] - gallery2 <unfixed> (bug #441407)
        NOTE: does not affect gallery 1.x (package 'gallery')

Do I need to replace that "<unfixed>" by hand by the fixed version? I somehow 
thought that the DSA-1404-1 would take care of that. Can someone enlighten me 
how this works exactly?


thanks,
Thijs
